FBI v Apple - Implications for digital security
The FBI and Apple are in a bitter legal war in relation to access to information on the iPhone of one of the San Bernardino attackers. The FBI is seeking orders forcing Apple to create a new iPhone operating system (OS) that will circumvent several security features in order to install it on the attacker’s iPhone so as to access files and data.
A major security feature of the iPhone is that each phone has a unique random factory generated “encryption key,” which can only be accessed when the user enters in the correct PIN code. The key is embedded on the phone and, combined with the PIN code, allows access.
After ten failed attempts of guessing the PIN, the phone does not simply wipe the data - it erases the encryption key. Thereafter, even Apple itself can’t access the encryption key of a particular phone.
It is because of this security feature that the FBI has sought orders to force Apple to create a new OS that removes this feature as well as the time delay that is seen between failed PIN attempts.
With the new OS, the FBI can freely use what’s known as a ‘brute force’ attack to try and guess the PIN without the time delay between each incorrect guess (that slows the process down considerably) and without the risk of the system auto-erasing the encryption key.
Apple’s point of view
Apple’s viewpoint was made clear in CEO Tim Cook’s “A Message to Our Customers.” Ultimately, Apple’s concern is that this new OS may fall into the wrong hands which could threaten the security of all iPhones.
The FBI’s point of view
The FBI has argued that it will only be used in this one instance on this one particular iPhone so that they may access the files and data of the San Bernardino attacker.
FBI Director James Comey recently stated “we simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly [via ‘brute force’ attack]…we don’t want to break anyone’s encryption or set a master key loose on the land.”
My point of view
Despite the FBI’s argument that the new OS will only be used in this particular case, there is no guarantee that it won’t be used again or fall into the hands of the wrong people.
In fact, while the Justice Department has tried to cast the issue as being narrowly focused on one iPhone, it was recently acknowledged by Comey that if the government succeeds in this case it could set a precedent for other cases.
Manhattan District Attorney Cyrus Vance has said he has 175 iPhones waiting to be unlocked, but the number has now risen to 205.
Putting the above aside, we are all well aware of the power of hackers in this day and age. Should this new OS be hacked, and make no mistake, there will be numerous hackers that will try to access this OS then all iPhones are at risk.
The main argument of #TeamFBI seems to be “if you have nothing to hide you have nothing to fear.” This is not about having something to hide (particularly from the ‘government’), it is about protecting your personal information and data from the world at large. Independent news website, The Conversation has made this point clear in the following statement “[it’s] not whether you have anything to hide, but whom you might want to hide your information from.”
Personally, we think creator of McAfee Anti-Virus, John McAfee’s comments on the matter have been spot on. McAfee was recently quoted saying “The...FBI…who says, 'we will protect this software and only use it on one phone,' that agency was hacked by a 15-year-old boy just last week, who walked off with all the personnel records including, [of] undercover agents.”
McAfee went on to say “what frightens me even more about this is that a federal judge in America [who] is so illiterate in cyber security…would allow this order to go through.”
That’s a point well made.
So, whose side are you on in the #FBIvsApple case - #TeamFBI or #TeamApple?
For more information, please contact our Digital Media & Technology team in Parramatta, Norwest and Penrith.